very interesting, youre hosted on godaddy, Are you sure they have mod_access enabled?
Thread Starter
Kahil
(@kahil)
mod_access? i have no frickin idea how or what that is…
mod_access is an apache module. Its what youre using when you do the deny/allow directives, see link above.
If its NOT installed, those rules are useless.
you can create a phpinfo file to check whats installed..
make a file, and put this inside of it:
<?php
phpinfo();
?>
Under “Apache” you will see the modules listed.
Thread Starter
Kahil
(@kahil)
but i have seen a cutback on the attacks, a strong cutback… its just a couple IPs keep getting through…
Do what I suggested, to make sure. A cutback doesnt mean anything. It might be a lull, instead, especially if you are NOT seeing 403s in your server logs.
Ooops, I forgot, you want to make sure that file ends in .php and then call it up in your browser.
I’ll be back in a bit, Im doing laundry.
Thread Starter
Kahil
(@kahil)
OK, this is what my host, GoDaddy has said to my mod_access question.
“Thank you for contacting customer support. No, mod_access is not enabled. Unfortunately, you will not be able to block IP addresses at the server level. We apologize for any inconvenience that this may cause you.
Please let us know if we can help you in any other way.
So basically they don’t care if you content is safe or not. I’ve doubled checked and there is no real security features given. So… Does anyone know of a secure, comparable service? Right now I only pay $4 a month for the economy plan. I’d of course would have to be able to have a plan with decent bandwidth and space. I don’t want to have to pay for more bandwidth cause i run through what i get per month, just don’t want to have to worry about that…you guys know how it is and what i mean…
unless someone knows another way for my to protect things with a godaddy account…I can’t even use the bad behavior plugin…
Thank you,
Kahil
That’s nuts. Time to find another host. If they don’t care about people slamming their servers, from things like automated open proxies and stuff, then that’s a real worry.
Find a good reputable host.
You could just block the IP address with a little PHP in your WordPress header file. That would definitly work regardless of how your host is set.
If the IP matches.. it simple stops loading the page.
Thread Starter
Kahil
(@kahil)
Aleister:
Can you explain as to how to do that to my header file?
I’d like to be able to just leave things where they are cause its just easier for me with my schedule, etc… plus i have prepaid for my hosting cause it was even cheaper doing so and i wouldn’t have to worry about it… I still have a few months left on it… But I would like to be able to protect my files and everything… I don’t want people to be able to hit and abuse my site like this anymore and to be able to keep them from roaming through folders and all that… just so that they can only visit the site itself and thats it. I think that is what most people would and do want right?
Thank you,
Kahil
Here you go:
Open up wp-blog-header.
After the following line:
<?php
Add this:
$banned_ips = array(
"1.2.3.4",
"1.2.3.5",
"1.2.3.6"
);
if (in_array($_SERVER['REMOTE_ADDR'], $banned_ips)) {
die();
}
$banned_ips is just a comma separated array of strings. It will simply compare the current users ip to the list of banned ip’s and if it is found in the list, the page will not load. π
Thread Starter
Kahil
(@kahil)
is there an online or supplementary source on this? I just like to double check and learn all I can about things before i do it so i can understand exactly what i’m doing…
Thank you Aleister,
Kahil
thats a terrible way to go.. for starters your using up precious visitor time and server resources/time DNS’ing ips before you display a page OR not.. Not at all good. Second, youre NOT doing it at the server level.
Ditch that, kahil.
They DO have mod_rewrite installed. You can accomplish EXACTLY the same thing using mod_rewrite.
I am at work, but when I get home I will paste you some examples .. its NO harder then what you have been doing, and will save you the move.
Dont sweat it.
Talk later,
sistah whoo
whooami: The value REMOTE_ADDR is already present. The server is not having to do any real work. The only thing that code actually does is run a single PHP function to check and see if text is in an array. You cannot tell me that this one basic PHP function is going to be using precious visitor time π
I agree, there are many methods, and this is just one, but to call it a ‘terrible way to go’ is a bit harsh I think π
Thread Starter
Kahil
(@kahil)
so the header thing makes it so that everytime anyone visits it sits and goes through the list of blocked IPs to find matches and then loads the page? so that it could take some time for pages to load and use up server bandwidth?
thank you sistah whoo
